More info: IPtables rule problem: ATT- Pete Nesbitt :- Pls disregard earlier one-same subject

menonrr at jmu.edu menonrr at jmu.edu
Fri Oct 15 15:07:09 UTC 2004


10/15

Hello Pete Nesbitt,

Thank you for the response. I am sorry that I did not include
the problem details from the earlier mail for reference. Hence
please disregard the earlier mail with the same subject.

Clarification:

The gateway's external interface is 'eth1'. The internal
interface is 'eth0'. 

Hence your interpretation is right.

a) Log, for testing purposes, all syslog traffic from gateway to
logserver going out through *eth0* to inside. Hence the rule
is in the OUTPUT chain, as the traffic outputs to *eth0* to
reach the internal network.

b) I know the second rule is wrong. I wanted a rule that logs
all traffic going to inside through *eth0*, but NOT udp 514
traffic, as that is dealt with in the earlier rule.

Thanks.


Reference:

10/14

Hello,

I needed to send my syslog from 192.16.1.10 (firewall/GW) to
192.168.1.3, the logserver. The syslogging worked. But since I
am monitoring all connections going to the internal
network (eth0) from outside, the log was filled with the syslog
connections from the gateway to the logserver.

So I gave 2 rules to help me with that:

To log the syslog traffic (just testing syslog)

#$IPTABLES -A OUTPUT -o eth0 -p udp -s 192.168.1.10/32 --source-port 514 \
    -d 192.168.1.3/32 --destination-port 514 \
    -m limit --limit 15/minute --limit-burst 10 \
    -j LOG --log-prefix "Syslog traffictoTest: "   # Log packets going to 192.168.1.0

(Rule I really need to log inbound traffic)

#$IPTABLES -A OUTPUT -o eth0 -p udp --destination-port ! 514 \
    -m limit --limit 1/second --limit-burst 10 \
    -j LOG --log-prefix "Output packetsToTest: "   # Log packets entering testnet except udp 514 for syslog

----------------
The Problem:

-----------------
Only the syslog traffic is received. I lost all logging of
inbound traffic. 

I would appreciate some help on this.

Thanks.
Menon
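As an added illustration (not from this thread or from Pete's reply), here is a small Python model of how iptables walks the OUTPUT and FORWARD chains, run over constructed packets to show why the second rule above logs nothing for inbound traffic. It assumes that traffic from outside to the internal hosts is routed through the gateway and therefore enters FORWARD rather than OUTPUT; the host 192.168.1.20 and the user chain name LOGIN are made up for the example.

```python
# Model of iptables chain traversal (added for this thread) showing why a LOG
# rule in OUTPUT never sees outside->inside traffic: it is routed, so the
# kernel runs it through FORWARD (assumption not stated in the mail).
def match(rule, pkt):
    """Fields present in the rule must equal the packet's; absent fields
    match anything. 'not_dport' models '--destination-port ! 514'."""
    for key in ("oif", "proto", "dst", "dport"):
        if key in rule and rule[key] != pkt[key]:
            return False
    return "not_dport" not in rule or rule["not_dport"] != pkt["dport"]

def traverse(chains, name, pkt):
    """Walk one chain. LOG is non-terminating (record prefix, keep going),
    RETURN ends this chain, any other target is a jump to a user chain."""
    hits = []
    for rule in chains[name]:
        if not match(rule, pkt):
            continue
        if rule["target"] == "RETURN":
            break
        if rule["target"] == "LOG":
            hits.append(rule["prefix"])
        else:
            hits.extend(traverse(chains, rule["target"], pkt))
    return hits

def logs_for(chains, pkt):
    return traverse(chains, pkt["hook"], pkt)  # hook = chain entered first

SYSLOG_RULE = {"oif": "eth0", "proto": "udp", "dst": "192.168.1.3",
               "dport": 514, "target": "LOG", "prefix": "Syslog traffictoTest: "}
# Rules as posted: both in OUTPUT, and the second matches UDP only (-p udp).
ORIGINAL = {"OUTPUT": [SYSLOG_RULE, {"oif": "eth0", "proto": "udp",
            "not_dport": 514, "target": "LOG", "prefix": "Output packetsToTest: "}],
            "FORWARD": []}
# Rewritten: FORWARD jumps to a user chain (LOGIN, made-up name) that skips
# udp 514 with RETURN, which only ends that chain, and then logs every protocol.
REWRITTEN = {"OUTPUT": [SYSLOG_RULE],
             "FORWARD": [{"oif": "eth0", "target": "LOGIN"}],
             "LOGIN": [{"proto": "udp", "dport": 514, "target": "RETURN"},
                       {"target": "LOG", "prefix": "Output packetsToTest: "}]}

def packet(hook, proto, dst, dport=None):
    """Constructed packet; hook is the chain the kernel enters first."""
    return {"hook": hook, "oif": "eth0", "proto": proto, "dst": dst, "dport": dport}

SYSLOG = packet("OUTPUT", "udp", "192.168.1.3", 514)  # gateway -> logserver
WEB = packet("FORWARD", "tcp", "192.168.1.20", 80)    # outside -> inside (constructed host)
PING = packet("FORWARD", "icmp", "192.168.1.20")      # outside -> inside (constructed host)
```

Under ORIGINAL the forwarded packets produce no log line at all, while under REWRITTEN both are logged and the gateway's own syslog is still logged only once by the first rule.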



